I installed the package with the logfiles auth.log. When running logcheck I get the message
sudo -u logcheck logcheck
egrep: empty (sub)expression
The logfile is there, contains logs and looks normal.
Similar to https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=251775
For me, this was not the port, it was me https://twitter.com/DLangille/status/1398804202965581826
Try running this to identify the file in question:
echo bash -x /usr/local/sbin/logcheck | sudo su -fm logcheck
See above for details.
I cant find any strangely named files in the logcheck configuration directory. Also in the output of your command doesnt does not show something like thatn.
The error doesnt happen every run so it seems to be related to the content of the logfiles.
In which case, when it happens, run the above command, to see if you can reproduce the issue. That will help identify the file in question. Take a copy of that file and hopefully we can track it down.
Do you have custom files installed with logcheck? I do. Often, it's my own rules which fail.